TheDanMan
08-11-2005 08:30:20
Am I doing anything stupid?
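#!/bin/sh
#
# Minimal host firewall init script.
#
# Usage: firewall {start|stop|restart|reload}
#
#   start    flush filter+nat, default-deny INPUT/FORWARD, then accept
#            loopback, established/related traffic, a fixed list of
#            service ports and ICMP echo-request.
#   stop     open the policies *before* flushing so a remote admin is
#            never cut off between the two steps.
#   restart  stop, then start. (The original ran start then stop, which
#   reload   left the host with an empty, all-ACCEPT ruleset.)
#
# Exit status: 0 on success, 1 on bad/missing argument, iptables'
# status on any failed rule (set -e).

set -e
# Pin PATH so iptables resolves predictably when run from init/cron.
PATH="/bin:/sbin:/usr/bin:/usr/sbin"
export PATH

# TCP services accepted for new inbound connections, one port per word
# (these variables are deliberately word-split in the loops below).
#   22 ssh, 25 smtp, 53 dns, 80 http, 110 pop3, 113 ident, 143 imap,
#   443 https, 993 imaps, 995 pop3s, 10000 webmin,
#   10001 not labelled in the original -- confirm what listens there.
# NOTE(review): the original comment also named FTP and GKRELLM, but no
# rule for their ports exists; add them here deliberately if wanted.
TCP_PORTS="22 25 53 80 110 113 143 443 993 995 10000 10001"
# UDP services accepted for new inbound datagrams: 53 dns.
UDP_PORTS="53"

#######################################
# Flush all rules and install the default-deny ruleset.
# Globals:   TCP_PORTS, UDP_PORTS (read)
# Returns:   non-zero (and exits, via set -e) if any iptables call fails
#######################################
fw_start() {
  iptables -F
  iptables -t nat -F
  # Default Deny Policy
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  # Existing connections
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Localhost is always trusted.
  iptables -A INPUT -i lo -j ACCEPT
  # New inbound TCP: only the listed ports, and only SYN packets.
  for port in $TCP_PORTS; do
    iptables -A INPUT -m state --state NEW -p tcp --syn --dport "$port" -j ACCEPT
  done
  # New inbound UDP: only the listed ports.
  for port in $UDP_PORTS; do
    iptables -A INPUT -m state --state NEW -p udp --dport "$port" -j ACCEPT
  done
  # Answer pings.
  iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
}

#######################################
# Disable the firewall: open the policies first, then flush.
# Flushing while the policy is still DROP would kill the SSH session
# that is running this script.
#######################################
fw_stop() {
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -F
  # start flushes nat too; undo it symmetrically on stop.
  iptables -t nat -F
}

#######################################
# Print usage to stderr and exit non-zero so callers (init, scripts)
# see a bad argument as a failure rather than a silent success.
#######################################
usage() {
  printf 'Usage: %s {start|stop|reload|restart}\n' "$0" >&2
  exit 1
}

case "$1" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  restart|reload)
    # Order matters: stop THEN start, so the script ends with rules
    # loaded. Calling the functions directly also avoids re-executing
    # "$0", which fails when the script is invoked as "sh firewall"
    # with the restricted PATH set above.
    fw_stop
    fw_start
    ;;
  *)
    usage
    ;;
esac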